KNETI
KNETI is the key used by a network HSM (for example, nShield Connect) to identify itself securely to a client, or by a client equipped with an nToken to identify itself securely to a network HSM.
A client’s KNETI:
- is a 3072-bit DSA key (1024 bits for older firmware)
- is blobbed under KM0 (see KM0)
The use of KM0 to blob KNETI, combined with the destruction of KM0 when the module is reinitialized, explains why a hardserver sometimes logs the message "Failed to load kneti".
The blob it is attempting to load is protected by an old KM0, which is no longer available.
This only occurs with full (non-nToken) modules, since an nToken cannot normally be reinitialized.
A network HSM’s KNETI:
- is a 3072-bit DSA key (1024 bits for older firmware)
- is protected by the network HSM’s enclosure